Beginning Django E-Commerce

■ About the Author xi
■ About the Technical Reviewer xii
■ Acknowledgments xiii
■ Introduction xiv
■ Chapter 1: Best Laid Plans 1
■ Chapter 2: Creating a Django Site 17
■ Chapter 3: Models for Sale 39
■ Chapter 4: The Shopping Cart 79
■ Chapter 5: Site Checkout & Orders 109
■ Chapter 6: Creating User Accounts 153
■ Chapter 7: Product Images 173
■ Chapter 8: Implementing Product Search 179
■ Chapter 9: Intelligent Cross-Selling 193
■ Chapter 10: Adding in Ajax 205
■ Chapter 11: Search Engine Optimization 231
■ Chapter 12: Web Security Overview 255
■ Chapter 13: Improving Performance 279
■ Chapter 14: Django Testing 299
■ Chapter 15: Deployment 323
■ Chapter 16: Django on Google App Engine 341
■ Index 365

PDF, 408 pages | Shared by: tlsuongmuoi | Views: 2694 | Downloads: 1
—321 case-sensitivity, in database engines, 42 „ INDEX 368 Catalog and Product models, specifying relationship between, 349 catalog app, creating catalog directory in, 45 catalog data, creating app for, 348—349 catalog views, coding up, 68—69 catalog.html file adding warning message to, 228 changing placeholder line of text in, 107 creating in templates directory, 26—27 creating, 26—28 tweaking to use new template tag, 104 catalog.html template file, creating to house layout of site, 347—348 catalog/category.html file, adding product thumbnail into, 178 catalog/models.py file, adding imports and signal connections to, 292 catalog/product.html, changing to call caption field, 178 catalog/product.html template, adding code to restrict product review form display, 214 catalog/tag_cloud.html template file, creating, 225 catalog_filters.py file, adding custom currency filter code to, 96—97 catalog_tags.py file, adding function for inclusion tag in, 202 catalog_tags.py module adding code to, 103 adding flatpages code to, 107 creating, 102 categories, linking to the Category pages, 53 category and product admins, 57—59 Category class, adding cache_key property to, 292—293 category description field, 51 category link list, 73 category list, creating for left-hand column on site, 350 category list tag, re-creating, 103—104 category model coding, 50 creating, 50—54 Category model class hooking up the new Manager class in, 181 writing test class for, 314 category pages, list of items for, 48 category testing, 309—312 category.html file, adding code to category page in, 70 category_list() inclusion tag function, modifying to use cache first, 291 category_list.html file, adding content to, 103— 104 cc_expire_months() method, creating Python list of tuples with, 136 cc_expire_years() method, 136 certificate authorities function of, 334—335 most well-known, 335 certificate file adding header to all requests from NginX to Apache, 337—338 creating, 336 Certificate Signing Request 
(CSR) creating, 335 generating, 335 certificates, on Windows server, 336 Change Password page, creating, 162—163 character encodings, web site address for thorough listing of, 138 CharField field type, that stores data, 48 Charge order button, capturing payment from customer with, 123 checkout app, 45 creating, 116—124 Checkout button, adding to cart page template and testing, 119—124 checkout form, 133—137 testing, 318—319 checkout page, updating, 169—171 checkout template and order form, 143—149 checkout views and URLs, 141—143 checkout.html file, adding template code to, 144—145 checkout.html template, adding redirect to login page in, 170—171 checkout.py file altering get_checkout_url() function in, 138—139 creating, 119 checkout_tags.py, adding to templatetags directory, 144 CheckoutForm class, getting to, 136—137 child elements, referencing first and last, 209 Churcher, Clare, Beginning Database Design by, 44 „ INDEX 369 clean() method, 88 clean_field_name() methods, specifying inside the form class, 137 Client instance, creating one with an item in cart, 318 Client test class, adding to tests.py, 318—319 cloud_for_model() method, retrieving all tags for a given model with, 225 cmemcache module, web site address, 287 CNP transactions. 
See Card Not Present (CNP) transactions code, testing, 300—301 commenting your code, 91 commit keyword argument, 127 configuring, local settings, 259 Contact page, 105 Contact static flatpage, adding, 106 content relocation, 244—245 contenttypes framework, Django's, 221 Context object, 24—25 context processors, 67 creating valid, 67 making available to project, 67—68 context_instance argument, get_object_or_404, 69 context_processors.py file, creating, 67 COOKIE_SESSION_AGE value, setting, 285 cookies checking for, 87 destroying dummy, 87 importance of enabling in cart app, 86 making unreadable, 85 setting to last 90 days, 85 tracking shopping cart data with, 81 writing a dummy test one, 87 core competency, 2 create order() method, 140 create_order() function creating link from order to user in, 164 updating for Order Info page, 170 created_at DateTimeField, specifying reverse sort order in, 52 credit, 129 credit card data extracting from form post data, 140 secure storage of, 269—270 credit card form example of, 276 output of processing, 277 credit card information, adding form fields to capture, 137 credit card model and form, 273—278 credit card numbers, validating, 133 credit card transactions, 129 credit card validation, Python function for, 134 cross-selling, intelligently, 193—204 cross-site request forgery (CSRF) attacks, preventing, 263—265 cross-site scripting attacks custom template filters to prevent, 96 preventing, 262—263 testing for, 262—263 CRUD commands, 41 cryptographic hash function, for storing passwords, 266—268 CSRF. 
See cross-site request forgery (CSRF) attacks CSS, adding, 29—34 CSS and JavaScript moving into separate files, 295 reducing number of external components, 295—296 CSS file adding navigation list of hyperlinks to, 35 adding styles to position and style new divs to, 228—229 adding styles to, 104 attaching to template files, 31—32 for very large sites, 33 CSS style definition, adding in stylesheet to color tag links, 224 CSS styles, admin interface, 338—339 css.css file adding field.checkout styles to, 146—147 adding new CSS classes to, 72 CSVs (comma-separated values), 40 currency filter, creating custom, 96—97 currency values, storing in applications, 49 custom currency filter, creating, 96—97 custom sale_price() method. See sale_price() method custom template tags, adding, 101 customer order, list of items included in, 151 customer registration, revisiting, 259—261 customer-based order filtering, 195 Customers who purchased this product also purchased…, adding to product page, 195 „ INDEX 370 Cutts, Matt, web site address, 234 „D Daswani, Neil, Foundations of Security: What Every Developer Needs To Know by, 278 data deleting old from databases, 284—286 the virtue of stale, 287—288 data, transferring with Django, 338 Data Encryption Standard (DES), replaced by Advanced Encryption Standard (AES), 271 Data Tier, 44 data warehouse principle, 247 Data Warehouse Toolkit, The, by Ralph Kimball and Margy Ross, 246 database effect on performance, 280—286 storing secrets in, 266—267 database engines, ordering and case sensitivity in, 42 database indexes, creating, 283—284 database table, basic operations you can perform in, 41 databases, deleting old data from, 284—286 databases. 
See also relational database introduction to, 40—44 normalizing, 43 setting up for your products, 39—78 dates, used in apps, 50 DateTime fields, 52 DAVE (Delete, Add, View, and Edit), 41 debug mode, the evils of, 258 DEBUG value, setting to avoid security breaches, 258 DEBUG variable, setting to True, 36 decimal_places, DecimalField, 55 DecimalFields, storing monetary values in, 49 decorator, @ character as, 53 Definition Language (DDL), looking at, 60 Definitive Guide to MySQL, The, Third Edition, By Michael Kofler, 40 DELETE command, 41 delete() function, purging an item from the cache with, 289 delete_old_carts.py file, calling to remove old carts, 285 deployment, of apps into production, 323—339 description meta tag, recommended maximum length for, 234 /diagnose, adding for debugging problems, 121 __dict__ attribute, 64-65 dictionary attack, 260 dictionary of headers, for request, 138 dir() method, 64 directories, copying key file and certificate file into, 336 distinct() method calling to eliminate duplicates, 194 getting list of distinct product purchases with, 195 distributed version control system, Git as, 6 division of labor, advantages of, 255—256 Django admin interface, 4 App Engine patch, 343—345 availability of, 4 configuring Apache to talk to, 328 core competencies, 4 creating a site, 17—18, 38 dealing with exceptions, 22—23 deployment philosophy, 324—325 downloading, 4 enforcing uniqueness on a database field, 41 handling of requests made to site, 23 hooking Apache into, 328 installing, 8—9 modularity of, 5 on Google App Engine, 341—364 order checkout by, 130—151 Ruby on Rails migration to, 175 setting up databases in, 44—45 straying from the philosophy, 5 testing, 299—321 transferring data with, 338 URL management, 4 web site address for online documentation, 63 welcome to, 17—19 what it creates for project, 18—19 what it gives you, 44—45 Django admin interface, 56—65 adding new categories to, 62 changing settings.py file in, 56—57 customizing, 63 
homepage, 61 „ INDEX 371 login screen, 61 Django application, defined, 39 Django cache API, low-level, 289—291 Django client test class, creating new instance of, 304—305 Django content types, 221 Django contenttypes framework, 221 Django DB Log middleware module, 22—23 Django exceptions, logging, 22—23 Django feed framework, 251 Django forms, using, 86—95 Django Image Fields, 174 removing existing from database table, 175 Django models. See also models creating, 45—56 Django permissions, 256—257 applying to groups and users, 257 Django redirects framework, permanently redirecting URLs with, 244 Django sessions, overview, 84—85 Django signals a quick word about, 293 for cache invalidation, 291—293 Django sites framework, making sure it is installed, 243 Django SlugField, use of on models, 234 Django source code, making friends with, 153— 154 Django template blocks, 26 Django template filter, using, 71—72 Django template filters, 96—97 Django templates, 24—25 if and for tags, 96 levels of, 25—28 Django templating system, basics of, 23—25 Django test suite, testing your web site with, 299—321 Django TestCase testing methods, 302 Django User model, adding a field to, 155 Django user profiles, creating, 165—171 Django view, Python function that acts as, 23— 24 Django web framework architecting a site with, 1—16 creating a site, 17—18 reasons for using, 4—7 djangodblog app, 45 Django's authentication app, hooking into, 154—165 django-sphinx, as third-party search solution, 192 django-tagging adding to project INSTALLED_APPS section, 220 downloading and installing, 220—221 dmigrations, 175 do_auth_capture() function, how it works, 138 doctests, 299 Document Type Declaration, changing web site's, 240 Dojo, JavaScript library, 208 double curly-braces {}, in templates, 25 DRY models and forms, 126—128 DRY principle, 54 duck typing, in Python, 155 dummy cookie. 
See cookies dumpdata command, 307 duplicate content problem, dealing with, 236— 238 „E Eclipse, installing, 9 e-commerce, and search tracking, 248—250 e-commerce application business requirements, 12—15 creating the catalog app, 45 creating with Django web framework, 1 creating your own, 2—3 how it all works, 75—77 marketing decisions, 14—15 reviewing code for, 73—75 ecomstore project, what Django creates for, 18— 19 ecomstore.crt certificate file, creating, 336 ElementTree library, web site address, 114 encryption and decryption keys, secure storage of, 271 encryption keys, creating subdirectory in system shell to hold, 272 encryption process, creating a key to use for, 272 environment, configuring so Apache can talk to Django, 328 error logs, Remote Data API, and network programming, 362—363 error messages, handling in Add To Cart form, 94 example.com, in Sites section, 105 „ INDEX 372 exclude variable, 58 external components optimizing, 296—297 reducing number of, 295—296 „F fetch() method, using for list of results, 351 File Not Found, and custom 404s, 77 FileField, 55 filter() function, 164 filtering, order-based, 194 filters, chaining together, 182—183 Firebug, addon for Firefox, 7 Firefox, using as browser, 6—7 Firefox Accessibility Extension, addon for Firefox, 7 fixtures creating from test database, 307 managing test state with, 307—308 specifying in each test class, 308 flatpages adding to admin interface, 105—107 static content with, 105—107 flatpages app for Django, 37 for static content, 105—107 hooking up, 105 flatpages subdirectory, creating default.html file in, 106—107 footer_links.html template, adding caching tags to, 288 foreign key, 43 form checking validity of before saving, 127 saving, 127—128 form class, that inherits from ModelForm, 127 form class definition, adding to forms.py file, 274—275 form fields adding to form to capture credit card information, 137 setting size attribute for, 136 form variable, returning with each product page 
response, 311 form_table_row.html file, adding HTML and Django template code to, 143—144 forms, DRY models and, 126—128 forms and shopping cart, testing, 315—318 forms.py file adding code to for Order Info page, 167 adding code to for password security, 260— 261 adding custom drop-down menus to, 134— 137 adding form class definition to, 274—275 adding review form definition to, 214 creating and adding code to, 355 Foundations of Python Network Programming, by John Georzen, 151 Foundations of Security, by Neil Daswani, Christoph Kern, and Anita Kesevan, 278 frequent_search_words() function, calling to get a Python list, 199 Front-end engineering, 293—297 functional specifications, creating before programming, 1—2 functional tests, writing, 304—307 „G _generate_cart_id() method, for creating Cart ID, 85 _generated_media, creating newest version of files in, 345 Georzen, John, Foundations of Python Network Programming by, 151 GET and POST, used when processing forms, 88 get() function, using on the cache, 289 get_absolute_url() method, using to get cache key value, 290 get_absolute_url() method defining on Order model, 162 effect of calling, 53 generating links automatically on Product model with, 244 get_checkout_url() function, altering, 139—140 get_object_or_404, using in Django, 69 get_recently_viewed() function, uses for, 201 Git, 6 global_settings.py file, opening, 67 Google proprietary database storage engine, 324 submitting a sitemap to, 242 submitting orders to, 111—112 Google Adwords Keyword Tool, for checking keywords people are searching for, 235 Google Analytics, 246 signing up for, 248 „ INDEX 373 Google App Engine deploying project into, 50 Django on, 341—364 signing up for a developer account with, 342 signing up for an account, 342 starting registration process, 342 the inconvenient truth about, 342 verifying account via SMS, 343 Google App Engine Patch, web site address, 343 Google App Engine SDK, downloading for the Python environment, 343 Google 
App Engine Store creating new, 346—353 views and templates for, 356—361 Google Base, web site address, 251 Google Base product feed, 251—252 Google Checkout API, 109—124 sandbox account for testing Google Checkout, 110—111 signing up with, 110—111 submitting orders to, 111—112 Google Checkout button, checkout views and URLs, 141—143 Google Checkout Merchant Account signing up for, 110—111 upgrading sandbox account to, 124 Google Checkout page, redirecting user to, 119 Google Checkout sandbox account signing up for, 110—111 web site address, 110 Google Checkout XML API, web site address, 111 Google datastore, managing indexes for, 361— 362 Google Keyczar, 271—273 amending import statement after using easy_install utility, 273 Google Sets, using for keyword lists, 235 Google Webmasters, 245—246 google_base.xml, creating template for, 251 google_checkout.py file, creating, 116—118 Google's SEO guidelines, web site address, 232 groups, applying permissions to, 257 „H hash salt, using to compute hash value, 268— 269 Haystack search package, 192 header tags, treatment of by browsers, 234 Hello App Engine Path, for Django, 346 help_text property, 51 helper functions (methods) in forms.py file, 136 on test classes, 311 home page building, 202—204 example of, 33 recommendations, 196—202 home page view function, adding data from new stats app into, 203 Horizontal Integration Model, invoking explicitly for deployment, 325 hosting plan, finding for your app deployment, 325 hostname, canonicalizing, 237 HTML anchor tag, providing for copying and pasting into other sites, 232 HTTP requests making in Python, 114—115 secure, 128—129 HTTP status code of 500 meaning of, 219 troubleshooting with view function, 220 httplib HTTP common status codes, table of, 305 httplib module, in Python, 128 HTTPS protocol, configuring for deploying web application, 334 hybrid approach method adding to product page, 196 method for, 196 „I icontains field lookup keyword argument, retrieving products 
using, 180 id integer field, 41 image tag line, changing in template, 178 image tags, handling of alt text for by browsers, 234 image templates, making changes to, 177—178 ImageField, 55 images adding new to product page, 176—177 dealing with, 173—174 inbound links, importance of, 232—233 include directive, using, 35—37 inclusion tag, adding function for in catalog_tags.py file, 202 „ INDEX 374 inclusion_tag() function call, passing template name into, 102 IndexError, raised trying to get the category, 307 inheritance, advanced templates with, 25—28 __init__() method, 88 __init__.py file, 45 creating, 188 for ecomstore project, 18 inner Meta class, exclude value in, 137 INSTALLED_APPS including sitemaps app in, 243 installing redirects app to, 244 INSTALLED_APPS Python tuple, 22—23 installing MySql, 9 PyDev extensions, 9 Python, 7—8 software, 7—9 integer data types, used in apps, 50 IntegrityError, testing for, 314—315 InvalidSignatureError exception, raised by Decrypt() function, 273 inventory management and purchasing, for e- commerce applications, 13 is_active permission, controlling access to site with, 256 is_bestseller field, 55 is_featured field, 55 is_staff permission, controlling access to site with, 256 is_superuser permission, controlling access to site with, 256 is_valid() method, 127 isapi-wsgi module for integrating IIS with Python WSGI applications, 328 web site address for obtaining source code, 328 ISUD mnemonic, in SQL syntax, 41 „J JavaScript, finishing touches, 226—229 JavaScript function, for linking view function and interface, 223 JavaScript libraries, availability of, 208 JavaScript Object Notation (JSON), 211—212 returning all active products on site with, 212 join() function, using, 34 joins, avoiding expensive, 281—283 jQuery basics, 209—211 downloading, 208—209 for Ajax, 208—213 jQuery functions, chaining together, 210 jQuery JavaScript library, 208 jQuery object referencing elements in the DOM with, 209 via $ syntax, 210 „K Kern, 
Christoph, Foundations of Security: What Every Developer Needs To Know by, 278 Kesevan, Anita, Foundations of Security: What Every Developer Needs To Know by, 278 key file, generating one that doesn't require a passphrase, 336 key name, choosing value for, 289 Keyczar. See Google Keyczar keyczar.py module, for creating keys, 272 keyczart module, creating a keyset with, 272 keys and certificates, generating with OpenSSL, 335 keyset, creating with keyczart module, 272 keyword list generating, 235—236 narrowing search terms in, 236 using Google Sets for, 235 keywords for creating queries, 182 in URLs, 234—235 keywords meta tag, contents of, 234 Kimball, Ralph, Data Warehouse Toolkit, The: The Complete Guide to Dimensional Modeling (Second Edition) by, 246 Kofler, Michael, The Definitive Guide to MySQL, Third Edition by, 40 Kornewald, Waldemar, App Engine Patch project started by, 343 „L Link to Cart box, creating custom template tag to contain, 101—102 list_display, 58 list_display_links, 58 list_filter property, 150 „ INDEX 375 list_per_page, 58 local settings, configuring, 259 locale module, formatting and displaying currency values with, 97 localflavor module, for capturing form information in other countries, 134 locals() function, 69 location, location, location, path to project, 34 log_product_view() function adding the call to, 202 logic for acquiring valid IP address, 311 logged_out.html, creating template for, 160 login and registration pages, creating, 156—160 login page adding code for, 157 creating, 156 login view, code for, 153—154 login() function vs. 
authenticate() function, 158 Logs page, containing server error info for your app, 363 lookups, complex with Q objects, 182—183 Luhn algorithm, 134 „M _make_token() function, calling, 317 manage.py file, adding common commands to, 286 manage.py file contents of, 21 for ecomstore project, 18 Manager classes, creating custom, 181 many-to-many relationship, 42 max_digits argument, DecimalField, 55 MD5 hash algorithm, use of to compute password hashes, 268 media generator utility, adding brubeck.css file with, 360—361 MEDIA_ROOT variable, setting, 176 MEDIA_VERSION number, importance of changing for deployed sites, 345 Memcache wiki, web site address, 290 Memcached, caching with, 287 Memcached server, hooking up once installed, 287 Merchant ID and Merchant Key adding to settings.py module, 115 for Google Checkout, 115 Merchant Key and Merchant ID, for Google Checkout, 115 Mercurial, 6 Meta class declaring, 52 defining two methods on, 53 meta tag content, fields used in, 78 meta tags, importance of for searching, 233 meta tags and page titles, configuring, 66—68 microformatted data, example of, 239 middleware, 125 MIDDLEWARE_CLASSES Python tuple, 22—23 minus (-) sign, for sorting in reverse order, 52 mod_rewrite, web site address, 37 mod_rewrite module, implementing custom middleware class with, 238 mod_rpaf module, installing, 332 mod_wsgi file, creating, 328—329 mod_wsgi module, for hooking Apache into Django, 328 model data, playing with, 64 model field data types, 48—50 model layer, 41 model managers, querying for product data, 180—182 model relationships, importance of order in, 63 model structure and data, playing with, 64—65 model validation, a note on, 59—60 ModelForm option, making full use of, 127 models, searching, 280—281 models. 
See also Django models playing with structure and data, 64—65 synching up and validating, 60—63 models.py file, 45 adding code for product review model to, 213 adding code to Product model in, 194 adding model definitions to, 131—133 creating new Manager class in, 203 creating Product model in, 54—56 models.py module, creating model definition in, 167 Modern Musician application code in review, 73—74 considerations before starting, 9—12 functional specifications for, 2 how it works, 75—77 monkey patching, in Python, 155 MooTools, JavaScript library, 208 My Account page, 160—162 adding import statements to, 161 „ INDEX 376 creating, 156 example of final, 160 My product page, example of, 74—75 my_account.html template file, creating and adding template code to, 161 MySQL installing, 9 web site address, 21 MySQL database creating for Django project, 19—22 importance of changing password before using, 20 MySQL storage engines, 20 mysql utf-8 collation, 21 mysqldump utility, web site address, 339 „N NameVirtualHost directive, updating, 334 navigation tags, creating, 107—108 navigation.html file adding additional links to, 159—160 editing list of links in, 107 network connections, creating, 128 network latency, dealing with, 226—227 Nginx configuring to forward IP address from incoming requests, 332—333 for static media, 331 installing and configuring, 331—333 web site address, 331 NginX virtual host file, adding entry to for listening for traffic on 443, 337 NoArgsCommand, creating a subclass of, 286 Not Invented Here (NIH) Syndrome, danger of, 246 n-tier architecture, 44 numbers, storing, 50 „O offset, formula for calculating, 351 OLAP (Online Analytical Processing), 247 old_price field, argument for, 55 OLTP (Online Transaction Processing), 247 one-to-many relationship, 42 one-to-one relationship, 43 opening and closing form elements, creating, 93 OpenSSL, web site address, 335 order administration, 149—151 ORDER BY clause, using in SELECT queries, 42 order checkout 
by Django, 130—151 requirements for, 124—129 Order Details page, 167—169 creating, 156, 163—165 order filtering customer-based, 195 hybrid approach, 195—196 order form, and checkout template, 143—149 order information models, 131—133 Order model contents of, 131 defining get_absolute_url() method on, 162 order processing, preparing module for, 139— 141 order_details URL entry, 157 order_info.html, creating and adding code to, 169 order-based filtering, 194 ordering variable, 58 setting, 52 OrderItem model, contents of, 131 OrderItemInline class, creating, 150 orders giving status field to, 131 submitting to Google Checkout API, 111— 112 ORM, in Django, 44—45 „P padder classes, use of, 31 padlock symbol, indicating a secured site, 124 page content, importance of for searching, 233 Page Not Found error, in Django, 69 page titles and meta tags, configuring, 66—68 PageRank algorithm, used by search engines, 232 pagination, of search results, 183—184 pagination_links.html file, creating and adding template code to, 189 Paginator instance, creating new in views.py file, 190 parameters, URL-encoding for post request, 138 Parlar, Jay, SSL middleware created by, 125 passkey.py file, creating and adding code to, 275 „ INDEX 377 passphrase, removing from key file, 335—336 password_change_done.html, adding template code to, 163 password_change_form.html, adding template code to, 162—163 passwords making more secure, 260—261 storing customers securely, 267—269 PCI (Payment Card Industry) compliance, 11 PCI Security Standard, reading and complying with, 270 percentage (%) wildcard character, substituting with other ORM matchers, 281 performance, improving, 279—297 period (.) character, escaping with a backslash, 243 permissions. 
See also Django permissions applying to groups, 257 pipe ( | ) character, using to separate transactions, 138 POST and GET, used when processing forms, 88 POST request, basics of constructing, 114 post() function arguments taken by, 212 making Ajax requests with, 212 _prepare_words() function, 186 prepareDocument() function, 211 adding code to attach events and behaviors to, 216 prepend() function, adding review to top of reviews div with, 219 prepopulated_fields variable, 58 Presentation Tier, 44 preview app, creating, 28 primary key, 41 privacy policy, creating page for on cart app, 105 process() method, 140 processed status, 133 product and category admins, 57—59 product catalog testing, 304—313 writing functional tests for, 304—307 product catalog model tests, writing, 313—315 product catalog tagging, 220—226 Product class, adding code to, 203 product data, setting up, 45—56 product database table adding three new columns to, 175 making edits to, 174—175 product images, 173—178 naming of, 63 product model adding test class for, 313 creating, 54—56 editing, 175—176 most important field in, 56 removing field from, 175 Product model class, adding cache_key property to, 292—293 Product model class, hooking up the new Manager class in, 181 product model instance, adding new tags to, 222 product orders, looking up using order number, 263 product page adding a new redirect to, 244 adding RDFa-formatted markup to, 239—240 changing the slug on, 244 deciding information needed for, 47 rough sketch of, 46 product page recommendations, 193—194 a hybrid approach, 195—196 product page view, variables to test for in response context, 312 product pagination, testing, 191 product review controls, flow of in action, 216 product review form adding a review to, 219—220 troubleshooting, 219—220 product reviews, 213—220 adding in Ajax, 219—220 the Ajax part of the equation, 216—219 product search creating instant, 179—180 implementing, 179—192 product tag cloud page, adding to 
site's footer, 225—226 product tagging, 220—226 enabling, 222 product template, adding form variable to, 92 product.html file, adding code to, 71 product_list.html template file, creating and adding code to, 202 product_review.html file adding CSS code to, 215 creating and adding code to, 215 „ INDEX 378 product_thumbnail.html, creating, 178 products() function, calling to get search results, 186 profile.py file, creating and adding function definitions to, 168 Programming Collective Intelligence, by Toby Segaran, 204 promotional email box, 122 property decorator, in Python, 115—116 Prototype, JavaScript library, 208 public-key cryptography, asymmetric cryptography use of, 334 purchasing and inventory management, for e- commerce applications, 13 put() method, calling to save generated cart items, 355 PyDev extensions, installing, 9 Python building XML documents in, 112—114 duck typing in, 155 making HTTP requests in, 114—115 monkey patching in, 155 Python Abstraction Notation One library creating a symbolic link to, 272 web site address, 271 Python and Django test methods, 301—303 Python Cryptographic Toolkit for handling cryptography inside Python, 270 web site address, 271 Python decorators, caveat about, 53 Python function for credit card validation, 134 that acts as a Django view, 23—24 to return directory as a string, 34 Python httplib module, submitting sensitive data with, 128—129 Python Imaging Library (PIL), installing, 174 Python list comprehension, building the result with, 136 Python programming language Django web framework written in, 4 installing, 7—8 Python property decorator, 115—116 Python unittest.TestCase testing methods, 301 Python-memcached module, web site address, 287 „Q Q objects, complex lookups with, 182—183 queries, breaking up to improve performance, 282 query string, what it contains, 263 Query(Category), google.appengine.db.Query generated by, 350 querying applying a filter to, 181 model managers for product data, 180—182 „R random 
number generator, provided by operating systems, 198 RDFa-formatted markup, adding to product page, 239—240 ready() function, calling on the document body, 210 receipt page, after placing order, 148 receipt.html file, adding template code to, 145— 146 recommended_from_search() function, 200 recommended_from_views() function, using, 202 redirects app, installing, 244 redirects framework, in Django, 244 refunds, handling of, 124 registration form making more secure, 260—261 signing with hidden input field, 264—265 updating view function for improved security, 261 registration page creating, 156 setting up views for, 157 registration/order_details.html file, creating, 164 regulatory guidelines, for web accessibility, 10 relational database. See also databases what makes it, 42—44 --remote argument, using to query for and edit model instances, 363 render_to_response() function greater ease with, 28—29 using, 69 render_to_string() function, using Django's, 218 reorder quantity, 13 „ INDEX 379 request, dictionary of headers for, 138 request-response system. See sessions resolve() method, retrieving value of template_name keyword argument with, 309—310 Resource Description Framework in attributes. 
See semantic web-microformats & RDFa response object, context property for testing for variables, 311 restart command, performing both start and stop with, 327 results() view function, adding code to, 191 results.html file, creating, 190—191 retrieve() method, getting currently authenticated user profile with, 168 Return Policy page, 105 reverse order, sorting in, 52 reverse proxy add forward module for Apache (mod_rpaf), installing, 332 review model, adding code for to models.py file, 213 review model and form, 213—214 robots.txt file adding to your site, 241—242 creating and adding text to, 241 Ross, Margy, Data Warehouse Toolkit, The: The Complete Guide to Dimensional Modeling (Second Edition) by, 246 Ruby on Rails, migration to Django, 175 runserver command running, 61 running App Engine projects locally with, 343 „S sale_price() method using custom, 72 using, 313—314 sandbox account creating, 110—111 upgrading to Google Checkout Merchant Account, 124 save() method, calling on a view, 202 scalability, importance of for performance, 279 scaling, for improving performance, 279—297 Schneier, Bruce, Applied Cryptography Protocols, Algorithms, and Source Code in C, Second Edition by, 270 script.aculo.us, JavaScript library, 208 scripts.js file, adding custom JavaScript code to, 210 search, implementing, 184—185 search app, adding code to tests.py file in, 319 search box adding to search module, 191—192 coding form class for, 187 resolving problems with, 211—211 Search Engine Optimization, 11 search engine optimization (SEO), 66, 231—254 Search Engine Results Pages (SERPs), making site friendly for adding to, 231 search engines canonicalization process, 237 making a best guess, 237 sitemaps for, 242—243 search module, 185—187 search requirements, 180 search results, pagination issues, 183—184 search template tags, 187—189 search view and template, 189—192 search.py file, creating, 185—187 search_box.html file, creating and adding code to, 188 search_fields, 58 
search_searchterm table, adding a column to, 198
search_tags.py file, creating and adding code to, 188
searches, dealing with, 198—200
searching, hand-coded form for, 179—180
SearchTerm model, editing inside search/models.py, 198
Section 508, web accessibility guidelines, 10
security
  importance of for applications, 10
  of MySQL database, 20
security testing, 319—321
Segaran, Toby, Programming Collective Intelligence by, 204
SELECT command, 41
semantic web-microformats & RDFa, 238—240
Send shipping notice button, for shipping the product, 123
SEO guidelines, Google's web site address for, 232
session expiration value, setting, 285
SESSION_AGE_DAYS, calling to remove old carts, 285
SESSION_COOKIE_SECURE value, setting, 84
sessions
  enabling and using, 85—86
  introduction to, 80—86
SessionStore class, request session object as instance of, 85
set() function, for setting a new item in the cache, 289
set() method, retrieving profile of current user with, 168
settings file, storing number of products per row in, 199
settings.py file
  adding configuration values to, 137
  adding Merchant ID and Merchant Key to, 115
  adding new app to INSTALLED_APPS in, 116
  adding new cart app to, 83
  adding new class to MIDDLEWARE_CLASSES in, 237
  adding profile module to, 167
  changing for Django admin interface, 56—57
  defining one constant variable in, 189
  for ecomstore project, 19
settings_local.py file, creating for configuration variables, 259
setup() method
  called by Django test runner, 305
  instantiating Client class in, 306
SHA-1 (Secure Hash Algorithm), for secure storage of passwords, 267—268
shipped status, 133
shipping option, added to XML cart, 118
Shopify, applications for selling stuff online, 2—3
shopping cart
  creating, 79—108
  naming, 79
  requirements, 79—80
shopping cart model, 82—83
  requirements for, 82
shopping cart page
  adding style definitions to CSS file, 97
  creating, 95—101
  opening cart template and replacing code in, 98—100
  with Google Checkout button, 120
shopping cart table, adding style definitions to CSS file, 97—98
shopping cart XML, example of, 112—113
shopping carts, removing expired from database, 284
show_category view function, adding code to use Memcached to load products, 291
show_checkout() view function, tweaking for Checkout page, 169
signup page, creating template file for, 158—159
simplejson module
  downloading and installing, 271
  web site address, 271
site checkout & orders, 109—151
site navigation include, 35—37
sitemap.py file, creating and adding code to, 242—243
/sitemap.xml, testing in browser to verify it's working properly, 243
sitemaps
  for search engines, 242—243
  making viewable, 243
  specifications for, 242
  submitting, 245
size attribute, setting for form fields, 136
skip link, adding to code, 31
SliceHost
  book companion site hosted on, 326
  web site address, 326
slideToggle() function, for bringing hidden elements into view, 216
SlugField. See Django SlugField
SlugField field type, 48
  using for records lookup, 49
software
  installing, 7—9
  used in book, 5—6
sort_words() function, passing Python list to, 199
source code
  getting onto your deployment machine, 328
  making friends with Django's, 153—154
specifications, creating functional before programming, 1—2
Sphinx full-text search engine, web site address, 192
spiders, used by search engines, 232
split() method
  calling on a string, 138
  complex lookups with in Python, 182—183
SQL, introduction to, 40—42
SQL injection attacks, preventing, 265—266
SQL syntax, basics of, 40—42
SSL (Secure Socket Layer), configuring for deploying web app, 334—338
SSL middleware
  created by Stephen Zabel and Jay Parlar, 125
  for securing sensitive checkout data, 124—126
  hooking into project, 126
  securing a site with, 124
  web site address, 126
startapp search app
  adding model definition to, 184
  creating, 184
statelessness of HTTP, 81
static content, serving on Windows, 33
static media generator, in App Engine Patch, 345
stats app
  creating model to log product page views in, 200
  creating stats.py file in, 197
  creating to store code for tracking information in, 197
stats.py file
  adding imports and function definitions in, 199
  adding imports and function definitions to, 200—201
  creating in stats.py file, 197
status field, meaning of statuses in, 133
store app
  creating store_product.html template file in, 359
  creating template file for category page, 359
  creating template file for homepage, 358
  creating url.py file in and adding URL entries, 357
store() function, adding code to for tracking_id, 198
store/views.py file, creating view functions and URL entries in, 356—357
store_category_list.html, creating and adding code for links, 350
strftime('%B') Python function, benefits of using, 136
string fields, defining in your application, 49
strip_non_numbers() method, 136
STRIP_WORDS constant, 186
Structured Query Language (SQL). See SQL; SQL syntax
submitted status, 133
Subversion, 6
Subversion repository, code available for checkout from, 6
superuser account, creating for Django project, 61
supply chain management, for e-commerce applications, 13
symmetric cryptography, 270
syncdb script, running, 61

T

tag cloud, creating, 224—226
Tag model, function of, 221
tag.html template file
  adding template code to, 225
  adding URL definitions to, 225
  creating, 229
tag_link.html file, creating and adding code to, 222
TaggedItem model, function of, 221
tagging module, registering models you want to tag in, 221
Tamper Data, addon for Firefox, 7
tasks, running daily, 14
template, search view and, 189—192
template & view
  basics of, 23—25
  changes, 214—216
template caching, 288—289
template files, creating, 69—72, 358
template filters, in Django, 96—97. See also Django template filter
template inclusion tags, creating, 187
template inheritance, 25—28
template tags, adding custom, 101—108
template testing, 309—311
template_name keyword argument, retrieving value of, 309
templates. See also Django templates
  advanced with inheritance, 25—28
  shipped with Django source, 155
templates directory
  creating billing subdirectory in and adding add_card.html to, 276
  creating catalog.html in, 26—27
  creating checkout subdirectory in, 144
  creating new search subdirectory in, 190—191
templates folder, creating tags directory in, 35
templates, URLs, and views, 65—73
templates/tags directory
  creating footer.html file and adding code for, 107
  creating form_table_row.html in, 143—144
templatetags directory
  creating, 187
  creating and adding modules to, 144
test classes, anatomy of, 303
test code, for emulating a successful add-to-cart operation, 315—317
test database, creation of, 301
test methods, writing to ensure product view is working correctly, 310—311
test orders, example of list of placed on site, 150
test page, getting running, 346
test state, managing with fixtures, 307—308
test_add_product() method, looking at, 317
testing
  adding automated to your application, 300
  checkout form, 318—319
  forms and shopping cart, 315—318
  implementation of listener, 330
  security of web app, 319—321
tests, running for a single app in project, 305
tests.py file, 45
  adding Client test class to, 318—319
  adding code to for category testing, 308
  created by Django, 303
  removing placeholder code from, 304
TextField field type, 48
Thanks page, after finishing Google Checkout, 122
third normal form (3NF), 43
third-party search solutions, 192
three-tier architecture, 44
timeout value, setting for items in cache, 290
title and meta tags, 233—234
title tags, making the best use of, 233
tracking_id
  adding code for in store() function, 198
  creating a new one, 198
  generating random strings of characters for, 198
trademark and copyright issues, 235
troubleshooting, product review form, 219—220
True/False fields, 51
  managing products with, 56
try keyword, detecting exceptions with, 114
Twitter, dictionary attack on, 260

U

Ubuntu Linux Server 8.10 operating system, deployment examples done on, 325
Ubuntu Server, notes on, 327
Ubuntu Server machine, installing Apache web server on, 326—327
underscore (_) character, use of in function names, 91
__unicode__() method, checking, 314
UPDATE command, 41
update() method, adding query to results dictionary with, 186
URL definition, adding to catalog app's urls.py file, 219
urlcanon.py file, adding redirect middleware to, 237
urlfetch syntax, using, 363
urlopen() function, 114
urlpatterns, adding code to, 190
urlpatterns tuple, updating, 65—66
urlresolvers module, returning location of checkout page with, 140
URLs
  a word or two about, 37
  best delimiters to use in, 234
  keywords in, 234
  moving content from one to another, 244
  submitting to Google for your site, 240—241
urls.py file
  adding code for navigating to homepage, 28—29
  adding code to, 65
  adding lines to list of patterns in, 155
  adding logic to include static media path, 32
  adding robots code to, 242
  adding URL definition to, 224
  adding URL definitions to, 156—156
  creating and adding URL entry to, 358
  creating inside new search app, 190
  creating new, 141
  creating URL entry inside marketing app in, 252
  editing to navigate to admin interface, 57
  for ecomstore project, 19
  generating and routing links with, 53
urlset
  creating other url elements inside of, 242
  maximum value set by Google, 243
user accounts, creating, 153—171
User model, for creating user accounts, 153—171
user session information, tracking, 84
UserCreationForm, code for displaying, 158—159
users, applying permissions to, 257
utils app, creating and adding to settings.py file, 66
uviews.py file, adding code to product view in, 214

V

val() function, calling on an element, 211
validation, of models, 59—60
value() method
  drawback to using, 280
  getting one or a few fields with, 280
Verisign
  for certificate verification, 335
  web site address, 335
version control, a note on, 6
view, simple for testing homepage, 28
view function
  creating to handle search requests, 180
  creating to process newly submitted tags, 222
view functions and URL entries, creating for App Engine, 356—357
view-based recommendations, 200—202
views
  coding up catalog, 68—69
  creating that pass in RequestContext object, 68
views.py file, 45
  adding code for view function in, 189—190
  adding code to use Memcached to load products, 290
  adding data into view function in, 203
  adding import statements and view functions to, 68—69
  adding list of imports and two views functions to, 141—143
  adding product review view function to, 217
  adding tag cloud functions to, 224
  adding view function for tagging to, 223
  adding view function in, 252
  changing show_cart() view function in, 100
  creating a single view function in, 28
  creating a single view function in, 275—276
  creating view function in, 163
  making robots.txt file available at root of site, 241
  updating to handle POST requests, 91—92
views.py module, adding code to else block in, 169
virtual host, creating a file for inside sites-available, 332
virtualenv, web site address, 323
void, 129

W

warning message, adding to top of site, 228—229
web accessibility
  importance of for applications, 10—11
  regulatory guidelines for, 10
web app project, deploying using appconf.py, 344
web apps
  scaling horizontally, 324
  scaling vertically, 324
  security testing, 318—321
  why we test them, 299—300
web development, start of, 1
web security, overview, 255—278
web server, using Apache 2.2 as, 326
Web Server Gateway Interface (WSGI) standard interface, supported by Google App Engine, 341
web site
  launching into production, 240—245
  protecting against external attacks, 258—266
  securing from within, 255—257
  verifying that you own it, 245
web site addresses
  Advanced Integration Method (AIM) Implementation Guide, 138
  Amazon's Elastic Cloud Compute, 325
  Apache 2.2, 326
  App Engine documentation, 362
  Authorize.Net test account, 148
  buildout, 323
  Capistrano, 323
  cmemcache module, 287
  Django online documentation, 63
  django-sphinx, 192
  dmigrations, 175
  Dojo, 208
  duck typing, 155
  ElementTree library, 114
  for advice on static files, 32
  for developer performance rules, 209
  for Django software download, 4
  for downloading django-tagging, 220
  for downloading Google App Engine Patch, 343
  for downloading Google App Engine SDK, 343
  for downloading jQuery, 208
  for obtaining source code for isapi-wsgi module, 328
  for package to log Django exceptions, 22
  for sitemap specifications, 242
  for thorough listing of character encodings, 138
  for XML specification information, 113
  Google Adwords Keyword Tool, 235
  Google Base, 251
  Google Checkout sandbox account, 110
  Google Checkout XML API, 111
  Google Sets, 235
  Google Webmasters, 245
  Google's BigTable database storage engine, 324
  Google's SEO guidelines, 232
  Haystack search package, 192
  Luhn algorithm, 134
  Matt Cutts blog, 234
  Memcache wiki, 290
  Memcached, 287
  mod_rewrite, 37
  MooTools, 208
  MySQL, 21
  mysqldump utility, 339
  Nginx, 331
  OpenSSL, 335
  Prototype, 208
  Python Cryptographic Toolkit, 271
  Python function for credit card validation, 134
  Python Imaging Library (PIL), 174
  Python-memcached module, 287
  Resource Description Framework in attributes, 238
  robots.txt file, 241
  script.aculo.us, 208
  simplejson module, 271
  SliceHost, 326
  Sphinx full-text search engine, 192
  SSL Middleware, 126
  strftime('%B') Python function, 136
  to sign up for Authorize.Net test account, 130
  Verisign, 335
  virtualenv, 323
  WebFaction, 326
  YUI, 208
webapp framework, in Google App Engine, 341
WebFaction, web site address, 326
WHERE clause, 41
widget argument, 87
wildcard character (*), use of in SQL query, 280
Windows system, function to return directory as a string, 34

XYZ

XML documents
  basic rules for well-formed, 113
  building in Python, 112—114
XML sitemap, example of, 242
XML specification information, web site address for, 113
XSS attacks. See cross-site scripting attacks
YAML configuration file, editing, 344
YUI, JavaScript library, 208
YUI Compressor, using, 345
Zabel, Stephen, SSL middleware created by, 125
